Offshore cloud an adoption barrier, finds KPMG

news A research study partially funded by major offshore cloud computing vendors Salesforce.com, Microsoft, and Google has found that one of the major barriers stopping Australian organisations from migrating to cloud computing platforms is the lack of cloud infrastructure based in Australia, with legislation such as the US Patriot Act cited as a key concern with offshore hosting.

The study, entitled Modelling the Economic Impact of Cloud Computing, was launched by consulting firm KPMG in Sydney this morning, at an event attended by Communications Minister Stephen Conroy and other senior figures in Australia’s technology sector.

In general, it found that, should Australian organisations adopt cloud platforms over the next few years, as the experience of “more mature markets” such as the US suggests is likely, then the benefits for both enterprises and the economy as a whole could be “substantial”, lowering ICT operating and capital expenditures significantly, while still boosting overall gross domestic product by a figure of around $3.32 billion per year. However, ultimately KPMG concluded that the Australian cloud computing market was still “at the early stages of adoption”, particularly in comparison to the US and Europe.

The report was commissioned by industry lobby group the Australian Information Industry Association, in coalition with Conroy’s Department and Salesforce.com, and with the support of other vendors such as Microsoft, IBM, Optus, Fujitsu, Google, CSC, Hitachi, IPscale and Macquarie Telecom, all of whom have some skin in the cloud computing game. In its report, KPMG noted that many executives it contacted while conducting research on attitudes towards the cloud “believed that the Australian ICT market does not yet have mature offerings in cloud-deployed solutions”, with some therefore declining to participate in the study.

Additionally, in the “barriers to uptake” section of its report, KPMG noted that issues included the “location of data and related security and data sovereignty issues (including implications of the US Patriot Act)”. A 2009 survey, KPMG noted, had found that although cloud computing made it possible to access services located anywhere in the world, “there is a strong desire for services located within Australia’s borders”. Other issues included latency when accessing cloud computing services, which would especially be an issue for services located offshore.

The comments represent something of an irony for companies like Microsoft, Salesforce.com and Google. All three have repeatedly declined over the past half-decade to invest in dedicated cloud computing infrastructure in Australia, as has rival company Amazon.com. In part because of this issue, Salesforce.com and Google have particularly struggled to make headway in Australia’s public sector, which has expressed a particularly strong interest in on-shore facilities, due to regulatory concerns associated with storing information in the US.

Microsoft is known to provide local services from Singapore, and Salesforce.com from Japan, but many Australian organisations have still continually expressed doubts about storing data even in such jurisdictions, which are not known to have the same laws allowing government access to corporate information.

At the event this morning, Conroy reportedly (according to iTNews’ article on the subject) outlined plans to visit Google’s US headquarters, in an attempt to promote Australia as a potential cloud computing hub, especially associated with the rollout of Labor’s National Broadband Network project over the next decade.

However, the Senator’s lobbying may fall on deaf ears. Google has over the past several years continually refused to commit to constructing Australian datacentre infrastructure. In February 2010 the company acknowledged “intense interest” from local customers in Australia-based application hosting, but said it would be hard to say that local infrastructure would be “the right path”.

Some of the companies supporting the KPMG study, however — such as Fujitsu, CSC, Macquarie Telecom and Optus — do have Australian infrastructure, and have won significant customer contracts to use that infrastructure over the past several years, with companies as large as top-tier bank Westpac getting involved.

opinion/analysis
Another vendor-supported report produced by a consulting firm, broadly concluding that Australian organisations should adopt new technologies. We’ve seen this a billion times before. So what’s new? Interestingly, quite a lot.

Firstly, let’s be under no illusions. As anyone with any industry experience would expect, KPMG’s report attempts to paint a rosy future for cloud computing in Australia, no doubt with the intention of at least paying lip service to the interests of its corporate sponsors. Although these kinds of reports are, on paper, “independent” — as in, the AIIA and the other sponsors technically can’t pay KPMG to conclude anything in particular, there’s always a fine line, and KPMG obviously knows who’s funding its research (and potential future consulting engagements).

But reading between the lines, it’s clear that KPMG has at least done an honest job here. Reading the report, one can’t help but conclude that cloud computing vendors are finding it tough in Australia just now. The hype has died down, early adopters are losing their enthusiasm for the various platforms around, and the whole industry is clearly in what Gartner would call “the trough of disillusionment”.

This, again, is no real surprise. Many within the industry have been aware of this for a while.

But what is interesting is the extent to which a great divide is emerging between the various cloud players. On the one side of the line are companies like CSC, Fujitsu, Optus, Macquarie Telecom and so on, which are implementing on-shore cloud computing solutions and winning early success. Much of what these companies are doing isn’t really technically “cloud computing”, or at least not the “public cloud” that so many people associate with true cloud computing. It tends to be things like “private cloud”, which gives customers much more control over their infrastructure.

On the other side of the line are companies like Salesforce.com, Google, Amazon and Microsoft (although Microsoft has a foot in both camps — public cloud with Azure and private through partnerships with companies like CSC and Fujitsu). These companies are struggling to win public cloud customers in Australia, due to their nature as offshore hosters. As KPMG notes in the report: “Firms are more likely to be using private than public cloud at this point.”

None of this is really a surprise. Companies which invest in Australia, meet the demands of local customers and don’t stick to hardball philosophies which mandate only public cloud and nothing else (I’m thinking here of Salesforce.com’s antiquated concept that software is dead, or Google’s refusal to acknowledge that the idea of private cloud has any merit). But it is interesting to see it spelled out this way, in a report, ironically, sponsored by both sides of the coin.

12 COMMENTS

It’s important to note that guidance from organisations such as AGIMO says it is not sufficient simply that the datacenters are located in Australia, the company/employees must not be coerced by their home nationality…
“Agencies should note it may also be possible for foreign governments to access information held in their jurisdiction or to access information held in Australia by any company with a presence in their jurisdiction.
For instance, the USA PATRIOT Act 2001 contains provisions allowing the US Government to access information in specified circumstances, (i.e. cases involving suspected terrorism or threats to national security) irrespective of the geographical location and, without necessarily advising the agency.” Page 5, Privacy and Cloud Computing for Australian Government Agencies, http://agimo.govspace.gov.au/files/2012/02/Cloud-Privacy-Better-Practice-Guide-FINAL.pdf

“On the other side of the line are companies like Salesforce.com, Google, Amazon and Microsoft… These companies are struggling to win public cloud customers in Australia, due to their nature as offshore hosters.”

This seems a little inconsistent with the Telsyte Cloud study you published last month, which said:

“The research revealed that large multi-national cloud computing providers like Amazon Web Services and Microsoft are making considerable progress in the Australian market with two-thirds of local enterprises that use infrastructure-as-a-service (IaaS) already using their services in some way.”

What’s the real situation? I would say that yes, Telsyte are right, enterprises are using public cloud. But they’re very much using it in edge cases which cost them little. I would say that enterprises are spending more — much more — on private cloud, and that in the core of their networks and critical application layers, public cloud is nowhere to be seen.

Does that make sense? Apologies, I should have been a bit more granular in how I wrote about this.

I read somewhere recently that another issue facing Australian cloud users is one of backup.
It’s all well and good for those supplying companies to set up onshore facilities in Australia, but where do they store the backups? If they are backed up to the U.S.A. then again, The Patriot Act comes into play.
To gain the confidence of Australian cloud users, there has to be an absolute and ironclad guarantee that no data will ever under any circumstances leave these shores.
The way that large American companies behave, I’m not so sure that anyone would trust those guarantees, if given, anyway.

Laws and regulation on the export of information similar to those we have on the export of goods could go a long way to changing that. If a company CEO can face jail time for “smuggling” information out of the country then their processes will change to ensure it stays on shore unless suitable permissions are gained.

My view is that concerns regarding the Patriot Act are substantially overstated. This is one legal issue that needs to be examined as organisations evaluate the relevance of cloud computing services for their needs. It may be a relevant cause of concern for some organisations for some categories of data, but the reality for most is that exposure to the Patriot Act would be unlikely to be a ‘showstopper’ in their choice of a cloud services provider, public or private, or indeed any other ICT services provider. Increasing global trade and increasing exposure to the internet via social media, mobile devices etc. make this more so.

I’m writing case studies of a number of substantial sized Australian private and public sector organisations, for example, who are mature users of public cloud services from US-based cloud services providers and who do not see this as a material risk – after thorough risk assessment, privacy impact assessment, audit reviews and in-depth legal opinion. It is all about making practical benefit vs. risk trade-offs.

The considerations that organisations should focus on are the quality of the cloud provider’s offering in terms of its functionality, technical performance, operational reliability, cost, the investments that the provider is making in iterative service improvement and the specific terms & conditions of the contract. Theoretical exposure to the Patriot Act is usually a minor issue in the broader landscape of these other considerations, and in any case can be mitigated if required by (a) internal process control and information categorization within the organisation, (b) specific contractual protections with the cloud services provider and (c) encryption of data at rest.

We need to keep a strategic perspective on all of this rather than being frightened by “monsters under the bed” that may or may not exist … and may or may not be dangerous. Turn the light on and have a look! Get some hands-on experience with consuming cloud services and judge the reality of the risks weighed up against the facts of the benefits of services that are faster, better and cheaper than the alternatives.

I don’t doubt for a moment the correctness of your statement. But, it’s about FUD, isn’t it? Moving into the cloud is a big decision for a business and it’s not only about costs. So, when a decision maker is hit with all of the variables that you speak of, then, it’s a difficult decision. Hit that decision maker with Patriot Act, insecure servers, hacked servers etc. etc. it makes it really easy to decide to wait a while.
Suggest that all will be fine when there are Australian services available and it becomes too easy to defer a decision.

FUD is indeed what this is all about. It all comes down to practical benefit vs. risk trade-offs which largely sit in the context of the adequacy of the existing in-house or outsourced ICT provision arrangements. The case for cloud is the most clear in organisations with weak or overstressed ICT capabilities – which is unfortunately most small-medium size government agencies and many SMEs.

When in-house ICT capabilities and funding for ICT are adequate then the cloud can seem to be a step too far … fair enough … lucky you for not needing to worry about all of this.

My issue with the whole data sovereignty argument, however, is just that it is being hijacked and overstated by those with a vested interest in the protection of weak ICT capabilities … which is not a good thing for national competitiveness through productivity and innovation.

The fact is that the data sovereignty requirements symbolised by the Patriot Act can be addressed adequately, given all the benefit/risk tradeoffs, and so they are not a material barrier to adoption of public cloud if there is an imperative and a will to consider faster, better, cheaper ways of sourcing ICT capabilities.
